Microsoft Word: Zero-Day Exploit Found in RTF, Rich Text Format, Documents

Save
Microsoft Word: Zero-Day Exploit Found in RTF, Rich Text Format, Documents
File photo, Microsoft CEO Steve Ballmer speaks at the company's annual shareholders meeting, in Bellevue, Wash. Microsoft announced Tuesday, Feb. 4, 2014, that Satya Nadella will replace Steve Ballmer as its new CEO. Nadella will become only the third leader in the software giant's 38-year history, after founder Bill Gates and Ballmer. Board member John Thompson will serve as Microsoft's new chairman. (AP Photo/Elaine Thompson, File)
Jack Phillips
3/25/2014
Updated:
7/18/2015

Microsoft Word has been subjected to the Zero-Day exploit by exploiting documents using the Rich Text Format (RTF), which can exploit a vulnerability in Microsoft Word 2010.

“Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010,” said Microsoft in a note on its Security TechCenter on Monday.

The exploit may “allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer,” Microsoft said.

It continues: “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution, ‘Disable opening RTF content in Microsoft Word,' prevents the exploitation of this issue through Microsoft Word. See the Suggested Actions section of this advisory for more information.”

The warning credited Drew Hintz, Shane Huntley, and Matty Pellegrino with Google for finding the RTF security problem. The bug was cataloged as CVE-2014-1761.

Microsoft issued a temporary fix on its Support website, which can be found here. 

Microsoft did not elaborate on who was being targeted by the Word attacks.

“The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code,” Microsoft said.

“The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013. On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”

SHARE THIS ARTICLE
Jack Phillips
Jack Phillips
Author (Breaking News Reporter)
Jack Phillips is a breaking news reporter with 15 years experience who started as a local New York City reporter. Having joined The Epoch Times' news team in 2009, Jack was born and raised near Modesto in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5
twitter